Hi Experts,

I’ve got a scenario and am seeking your valuable inputs to take this in the right direction.

My application is a complete server-side solution which has 6 different modules and exposes only REST (microservice) endpoints (5 modules are hosted in a Tomcat 8 container and 1 is hosted in Apache Karaf [OSGi bundle]) to the external world; these will be accessed by different enterprises, and they need to integrate their SAML 2.0 IDP for authentication.

These microservice endpoints could be integrated with their existing portals or with their existing mobile applications; in some scenarios it could be an exclusive client application built to consume our REST endpoints, which could potentially be browser-based and a mobile app.

The challenge here is that, for now, we could use only SAML 2.0-based authentication, since not all the organizations support OIDC/OAuth 2.0, and our application could also be flexible enough to be integrated with the existing client portals which use SAML 2.0 authentication.

We are planning to use Keycloak as an IDP broker to secure our endpoints.

Questions:

1) Can this be achieved in Keycloak? If yes, could you please provide some inputs on architectural directions in Keycloak, e.g. should all the modules be configured under 1 realm, and is a separate brokering realm needed?

2) Does Keycloak support the Apache Karaf container? I couldn’t find any adapter for this under the SAML adapter category.

3) For REST-style endpoints, how should the user credential/token details be shared? Any example links? Kerberos is not a complete solution here, since it needs to work on all the devices (desktop, laptop & handheld).

4) For the REST-based solution, can the application completely rely on Keycloak for session management after the user is authenticated the first time?

Any inputs on this will be highly valued.

Regards,

Siva.